Tyre manufacturer and subsidiary of global giant Goodyear, South Pacific Tyres (SPT), has installed auditing and reporting software to ensure it is Sarbanes-Oxley compliant.
SPT uses one iSeries system with three separate partitions to run a mixture of ERP and home-grown applications.
Outsourced to Kaz, the iSeries runs all of SPT's corporate systems, from manufacturing through to retail, and disaster recovery is achieved with real-time replication.
John Pap, chief information officer at SPT, told Computerworld the iSeries, while very secure, needed to be taken to the next level to satisfy the compliance requirements of Goodyear.
"There's no question of the iSeries security, but Sarbanes-Oxley requires proof of security and reporting to prove to external auditors that nobody has gained inappropriate access," he said.
SPT therefore justified the investment in security solutions software from NetIQ which provides a "multifaceted approach" to restricting and tracking iSeries data and application access, according to the company.
"There are a few tools out there and we looked at a number, but the one thing that really stood out with NetIQ is the complete package that's easy to use and is very flexible," Pap said, adding it was the only tool that delivered proactive capability to monitor security.
"I now have people looking at proactive reports [and] they can see immediately if someone has accessed the system or user profiles have changed."
Pap said the project has given SPT confidence that its corporate data is secure.
"This gives management a level of comfort that we have real-time monitoring, and has enabled my people to become a lot more productive in areas that will drive the business," he said. It has also cut the amount of time-consuming effort spent manually on ensuring security is upheld. Pap believes compliance is "fairly well" implemented in large organizations locally.
The advent of Sarbanes-Oxley in the US has "woken up" a lot of organizations in Australia, many of which are "taking pages out of" the US regulation to satisfy their own requirements.
"Whether it's mandated here or not, a lot of senior managers are moving towards that type of compliance," Pap said. "Whether it will be to the extent of Sarbanes-Oxley I'm not sure, but [they] will take components of it [and] it will happen quickly."
A 12-year veteran of iSeries computing, SPT will upgrade again in the next six to 12 months as Pap admits "we're getting blood out of a stone" with the existing two-year-old system.